New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Further harden against polluted properties #1285
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update the internals of the project to protect against the potential of polluted properties based on manual evaluation of the source code. Re- use the `hasOwn` function from `options.js` (moved to `reflection.js`) to achieve this. - `executables.js`: Explicitly check that `PATH` (or `Path`) isn't being inherited. This is the most obvious place where this is necessary as the code already accounts for the potential of `PATH` being undefined. - `platforms.js`: Safely get `OSTYPE` in case it isn't defined in order to avoid wrongly concluding the current system is a Windows system as a result of a polluted `OSTYPE` value. - `win.js`: Safely get `ComSpec` in case it isn't defined (already taken into account as well) to avoid using a default shell defined by a polluted property.
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #1285 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 16 16
Lines 1482 1492 +10
=========================================
+ Hits 1482 1492 +10
Flags with carried forward coverage won't be shown. Click here to find out more.
|
- Test that when `PATH` and `Path` are missing, no path is given to `which`. - Test that a polluted `PATH` value is not used. - Test that a polluted `Path` value is not used. - Simplify existing tests that unnecessarily require `PATH` and `Path` to be present on the path.
Test that a polluted `ComSpec` value is not used. Also, improve upon [1] by - Not requiring non-empty PATH strings - Improving test titles for newly added tests for the `executables.js` test suite. -- 1. e553a73
Otherwise they may fail. No matter how unlikely, we don't want these tests to be flaky in practice. I've opted to use `fc` within an AVA `test` over `testProp` because `fc.pre()` does not seem to work with `testProp` (test fails if check fails, instead of skipping it) and I think using `fc.pre()` is more expressive than filtering the arbitrary (though it has the same result and does work with `testProp`).
- Correct OSTYPE pollution test, arbitrary values were ordered incorrect - Improve ComSpec pollution test, include when ComSpec is defined - Cover scenario where a value is both defined and polluted by
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates to #1280
Summary
Update the internals of the project to protect against the potential of polluted properties based on manual evaluation of the source code. Re-use the
hasOwn
function fromoptions.js
(moved toreflection.js
) to achieve this.executables.js
: Explicitly check thatPATH
(orPath
) isn't being inherited. This is the most obvious place where this is necessary as the code already accounts for the potential ofPATH
being undefined.platforms.js
: Safely getOSTYPE
in case it isn't defined in order to avoid wrongly concluding the current system is a Windows system as a result of a pollutedOSTYPE
value.win.js
: Safely getComSpec
in case it isn't defined (already taken into account as well) to avoid using a default shell defined by a polluted property.As before, because this is standard Node.js behavior I consider this a hardening measure, not a security bugfix.